Data of 45,000 NYC Students Breached in MOVEit Cyberattack
Johns Hopkins University, the University of Rochester and the University System of Georgia have also been impacted by the MOVEit hack.
Photo via Adobe, by DWP
The sensitive personal data of about 45,000 New York City public school students, as well as New York City Department of Education (DOE) staff and related service providers were compromised in the worldwide MOVEit file transfer software hack, the DOE announced on Friday.
The types of data impacted include approximately 9,000 Social Security Numbers, birth dates and employee ID numbers.
“Within hours of learning of the vulnerability, DOE had fully patched the software, working closely with NYC Cyber Command to remediate,” New York Public Schools said in an announcement on Sunday. “We also took the server offline and are continuing to keep it offline out of an abundance of caution. Currently, we have no reason to believe there is any ongoing unauthorized access to DOE systems.”
The DOE said it is still trying to determine who specifically was affected. Students whose confidential information was compromised will be contacted this summer and will be offered identity monitoring services.
New York City Public Schools is just the latest organization to announce that it was the victim of the worldwide MOVEit file transfer software hack. Many other organizations have been impacted, including Johns Hopkins University, the University System of Georgia, UCLA, the University of Rochester, the U.S. Department of Energy’s Oak Ridge Associated Universities and a Waste Isolation Pilot Plant in New Mexico, reports Tech Crunch. Other organizations impacted include the BBC, Shell, Louisiana’s Office of Motor Vehicles, British Airways, Boots, Genworth Financial, the California Public Employees’ Retirement System, Siemens, and Schneider Electric. Most of the attacks began around May 27-28 and were probably timed to take advantage of the long Memorial Day weekend, reports Bank Info Security.
Experts believe the attacks are being carried out by the Clop ransomware gang, which is believed to have pro-Russian ties. The FBI is currently investigating the breaches.
CS sister publication, MyTechDecisions.com, published guidance on how organizations can prevent MOVEit exploitation of their networks. The article can be read here.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
About the Author
Robin Hattersley, Editor-in-Chief
Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.
Related Content
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!
